[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1111422: marked as done (trixie-pu: package openjpeg2/2.5.3-2.1~deb13u1)

Your message dated Sat, 06 Sep 2025 12:14:57 +0100
with message-id <165032e5317517556dd7fd8cf24843112a3fb6ac.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 13.1
has caused the Debian Bug report #1111422,
regarding trixie-pu: package openjpeg2/2.5.3-2.1~deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1111422: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111422
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: openjpeg2@packages.debian.org, security@debian.org
Control: affects -1 + src:openjpeg2
User: release.debian.org@packages.debian.org
Usertags: pu

  * CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header()
    (Closes: #1110443)

diffstat for openjpeg2-2.5.3 openjpeg2-2.5.3

 changelog                                                               |   15 +++
 patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch |   40 ++++++++++
 patches/series                                                          |    1 
 3 files changed, 56 insertions(+)

diff -Nru openjpeg2-2.5.3/debian/changelog openjpeg2-2.5.3/debian/changelog
--- openjpeg2-2.5.3/debian/changelog	2025-03-10 09:22:54.000000000 +0200
+++ openjpeg2-2.5.3/debian/changelog	2025-08-17 18:30:07.000000000 +0300
@@ -1,3 +1,18 @@
+openjpeg2 (2.5.3-2.1~deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for trixie.
+
+ -- Adrian Bunk <bunk@debian.org>  Sun, 17 Aug 2025 18:30:07 +0300
+
+openjpeg2 (2.5.3-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header()
+    (Closes: #1110443)
+
+ -- Adrian Bunk <bunk@debian.org>  Sat, 09 Aug 2025 18:19:52 +0300
+
 openjpeg2 (2.5.3-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch
--- openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch	1970-01-01 02:00:00.000000000 +0200
+++ openjpeg2-2.5.3/debian/patches/0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch	2025-08-09 18:19:52.000000000 +0300
@@ -0,0 +1,40 @@
+From f9b1f9f0a236dfee230b08dcc4165d83c07d473e Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Thu, 16 Jan 2025 02:13:43 +0100
+Subject: opj_jp2_read_header: Check for error after parsing header.
+
+Consider the case where the caller has not set the p_image
+pointer to NULL before calling opj_read_header().
+
+If opj_j2k_read_header_procedure() fails while obtaining the rest
+of the marker segment when calling opj_stream_read_data() because
+the data stream is too short, then opj_j2k_read_header() will
+never have the chance to initialize p_image, leaving it
+uninitialized.
+
+opj_jp2_read_header() will check the p_image value whether
+opj_j2k_read_header() suceeded or failed. This may be detected as
+an error in valgrind or ASAN.
+
+The fix is to check whether opj_j2k_read_header() suceeded before
+using the output argument p_image.
+---
+ src/lib/openjp2/jp2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
+index 4df055a5..da506318 100644
+--- a/src/lib/openjp2/jp2.c
++++ b/src/lib/openjp2/jp2.c
+@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
+                               p_image,
+                               p_manager);
+ 
+-    if (p_image && *p_image) {
++    if (ret && p_image && *p_image) {
+         /* Set Image Color Space */
+         if (jp2->enumcs == 16) {
+             (*p_image)->color_space = OPJ_CLRSPC_SRGB;
+-- 
+2.30.2
+
diff -Nru openjpeg2-2.5.3/debian/patches/series openjpeg2-2.5.3/debian/patches/series
--- openjpeg2-2.5.3/debian/patches/series	2025-03-10 09:22:54.000000000 +0200
+++ openjpeg2-2.5.3/debian/patches/series	2025-08-09 18:19:52.000000000 +0300
@@ -1,2 +1,3 @@
 issue878.patch
 man_fix.patch
+0001-opj_jp2_read_header-Check-for-error-after-parsing-he.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 13.1

Hi,

Each of the updates referenced by these requests was included in
today's 13.1 point release for trixie.

Regards,

Adam

--- End Message ---
Reply to: